Cyber Insurance: Expensive and Hard to Obtain
May 31, 2022
Cyber insurance is a hot topic. It's difficult to obtain coverage with new security measures. Get tips on how to stay covered!
Cyber insurance is a hot topic. It's difficult to obtain coverage with new security measures. Get tips on how to stay covered!
Cyber insurance has quickly become a hot topic. We’re seeing record rate increases. It’s also more difficult to obtain coverage as carriers require new security measures. Yet cyber insurance is something every business owner needs to seriously consider.
Here are tips on how to get and stay covered – even if you’re a small business.
According to the most recent Council’s Commercial Property/Casualty Market Index, the cyber market had a record increase of 34.3% in the last quarter of 2021. This was “the first time since the post-9/11 hard market where a line of business had an increase of over 30%.” Predictions for further increases this year are wide-ranging – from 15% to 50%!
The Miller Group also shed some light on this trend in a previous blog about preparing for property and casualty increases in 2022: “Cyber insurance has historically been under-priced because it was new and had relatively few users. Lack of historical data and claims kept premiums low. But the number of ransomware, phishing and social engineering attacks have skyrocketed, and payouts are going up accordingly.”
Rates are affected somewhat by the rigor of security you’ve established. We’ve seen rate differentials of 100% to 300% for organizations that don’t have strong controls in place. Most underwriters won’t even give you a quote or renew your coverage if you don’t have multi-factor authentication and automated backups in place.
In addition, you may be required to have an endpoint detection and response system. This is a security system that detects and investigates suspicious activities on hosts and endpoints (also known as connection points) that enables your security team to quickly identify and respond to threats. Well-documented employee training on phishing also can be essential.
If you don’t have security controls in place, now is the time to begin adding them. We have seen insurance carriers lower coverage amounts or even deny coverage altogether if MFA and other controls are not in place.
Adding MFA can be quick, or it could take six months or more, depending on your organization and your internal capabilities and complexities. If you need help, The Miller Group can connect you with someone to assess your current security controls.
Based on the type of business you’re running, you may think cyber insurance isn’t necessary. For example, manufacturing companies often feel they don’t need coverage. But with the level of automation in manufacturing right now, they are exposed to cyber risk, too. Any system that connects you to others is a gateway for an invasion that can halt your business and cause production losses.
The size of your company doesn’t matter either. Even small nonprofits can be thrown into turmoil due to hacking. One of our small nonprofit clients was a victim of ransomware and never got their data back.
Third-party IT vendors can be invaluable partners in securing your systems. But be sure to do your due diligence. Don’t assume they are taking care of all your cyber security needs or that their coverage will protect you. You must have your own coverage in place.
Needless to say, this is a topic that keeps us up at night. It represents such a huge exposure, and many businesses are vulnerable today. We hope this information raises your awareness of your potential risk and inspires you to take a few extra steps to make sure you’re covered.
